Bug 1217473 (CVE-2023-5972)

Summary: VUL-0: CVE-2023-5972: kernel-source,kernel-source-azure,kernel-source-rt: kernel: null pointer dereference flaw was found in the nft_inner.c
Product: [Novell Products] SUSE Security Incidents Reporter: SMASH SMASH <smash_bz>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: tbogendoerfer, thomas.leroy
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/386005/
Whiteboard:
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description SMASH SMASH 2023-11-24 08:36:48 UTC 
A null pointer dereference flaw was found in the nft_inner.c functionality of
netfilter in the Linux kernel. This issue could allow a local user to crash the
system or escalate their privileges on the system.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5972
Comment 1 Thomas Leroy 2023-11-24 08:39:09 UTC 
Only SLE15-SP6 has the buggy commit and not the fixes [0][1]. stable is already fixed.

[0] https://github.com/torvalds/linux/commit/52177bbf19e6e9398375a148d2e13ed492b40b80
[1] https://github.com/torvalds/linux/commit/505ce0630ad5d31185695f8a29dde8d29f28faa7
Comment 11 Thomas Bogendoerfer 2024-01-05 08:43:57 UTC 
Fix is now in SLE15-SP6
Comment 20 Andrea Mattiazzo 2024-05-24 10:29:42 UTC 
All done, closing.